ClawHub

Bitrix24 Skill

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Bitrix24 integration skill with real account access, write capability, and local event files, but the behavior matches its stated purpose and includes meaningful guardrails.

Install only if you intend to let an agent work with your Bitrix24 account. Use least-privilege webhook/OAuth scopes, keep secrets out of chat and source control, review write/destructive plans before confirming them, avoid --allow-unlisted except for controlled testing, and protect or rotate any .runtime audit, retry, idempotency, and DLQ files. Test the offline worker on a non-production portal first, especially because it clears events after processing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill instructs the agent to use local scripts that can read environment variables, access files, write files, and make network calls, but the skill does not declare these capabilities as permissions. That mismatch weakens policy enforcement and user visibility, making it easier for a caller to trigger sensitive actions such as using Bitrix24 credentials from the environment, modifying local files, or calling external APIs without an explicit permission boundary.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The DLQ writer persists the full event payload, which may include CRM records, user data, auth metadata, or other sensitive fields from Bitrix24 events. Because this worker is an integration component that handles real production events, writing raw payloads to local JSONL without redaction, minimization, retention controls, or access safeguards increases the risk of sensitive data exposure through filesystem access, backups, log collection, or incident response artifacts.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal